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KLBCTRQirrC ROUPS TOAMSm TNSTRlMgliTS 

Bafffcqround 

Thm invan1:ion jr^lates to elttctronic fuxids transfer 
5 instruMnts. 

As seen in Fig. 1, In a typical financial 
transaction 10 a payer 12 transfers funds to a payee 14. 
Individual payers and payees prefer different payment 
methods at different times , including cash, checlcs, 
10 credit cards aiMl debit cards. The transfer of funds 
betireen the payer 12 and the payee 14 may involve 
intermediate transactions with one or more banking 
institutions 16, The banks' functions include collecting 
and holding funds deposited 1^ accotmt holders and 
15 responding to instructions from the account holders. 
Checks are an exaaqple of financial transactions which 
invoke these banking institution functions. 

Pig. 2 shovs a paper check transaction 20, in 
vhich a check 22 is transferred from the payer 12 to the 
20 payee 14. The check 22 is typically found in a checkbook 
24. Each check has several blank spaces (for the date 
34, the name of the payee 30, the sum of money to be paid 
28, and the signature of the payee 38) to be filled out 
hy the payer 12. As each check is written, the payer 12 
25 keeps a record of the check in a check register 26 vhich 
ii^^s check transactions including the sum to be paid 28, 
the name of the payee 30, the identification number of 
the check 32, and the date of the transaction 34. 

In the body of the check 22, the payer 12 
30 instructs the payer's bank 36 to pay the stated sum of 
money 28 to the payee 14. The check 22 identifies the 
payer's bank 36, the payer's account number 40 (using 
magnetically readable characters) at the payer's bank, 
and the payer 23 (usually by printed name and address) . 
35 After filling in the date 34, the name of the payee 30 
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and the mum of money 28 as ordered by tixm payee 14 » the 
payer eigne the checit 22. A payee typically considers a 
check authentic and accepts it for payment if it contains 
the signature 38 of the payer, the printed identification 

5 of the payer 23 and the printed naee and logo 42 of the 
payer's bank 36, and does not appear to be altered. The 
check 22 also contains a routing and transit number 25 
i^ch indicates the routing of the check to the payer's 
bank 36 for presentment. 

0 After the payer 12 presents the completed check 22 

to the pi^yee 14 in a financial transaction (such as a 
sale of goods or services) , the payee 14 endorses the 
check 22 on the back vith the payee's signature 44 and 
deposits the check 22 vith the payee's bank 46. If the 

5 check looks authentic, the payee bank 46 provisionally 
credits the payee's account 48 for the amount of money 
designated on the face of the check 28 pending clearance 
through the federal reserve system and acceptance and 
payment by the payer's bank 36. 

0 The payee's bank 46 routes the check 22 to the 

payer's bank, possibly using the federal reserve bank 
clearing house 50 or other established clearing 
arrangement, which uses the routing and transit number 25 
to deliver it to the payer's bank 36, which then verifies 

5 the authenticity of the check 22 and (at least for some 
checks) the signature 38 of the payer 12. If the check 
22 is authentic and the payer 12 has sufficient funds in 
her account 40 to cover the amount of the check 28, the 
payer's bank 36 debits the payer's account 40 and 

D transfers funds to the payee's bank 46 for the amount 
designated on the check 28. A complete check transaction 
20 thus includes verification steps performed by the 
payee 14 and the payer's and payee's banks 36 and 46. 

The banks 36 and 46 send bank statements 52 and 54 

5 to the payer 12 and payee 14, respectively, ^ich reflect 
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evente at the transaction 20 pertinent to each of the 
parties for reconciliation of their accounts vith their 
records* 

Processing a paper check requires tixie as the 
5 physical check is routed to the payer, the payee, the 
payee's bank, the clearing house and the payer's bank* 
The sane is true of other types of financial transactions 
involving paper instruments, sucih as credit card slips 
generated during a credit card sale. In a credit card 
10 transaction, a merchant makes an impression of the 
customer f 8 caxrd, %rt)Lich the customer then signs, to 
function as a receipt for the transaction. The merchant 
typically obtains a positive acknowledgment or credit 
authorization from the custorcr's credit card craq^mny 
IS before accepting the credit card slip. This assures that 
payment vill be received. 

Several mechanisms for using electronic 
communication to substitute for paper flow in financial 
transactions are in use or have been proposed. 
?0 Electronic Check Presentment (SCP) is a standard 

banking channel used to clear checks collected by banks 
prior to or without routing the physical checks. The 
Automated Clearing House (ACH) is an electronic funds 
transfer system used by retail and cc»mercial 
25 organizations. ISie ACH acts as a normal clearing house, 
receiving a transaction over the network and then 
splitting and routing the debit and credit portions of 
the transaction to the payer's and the payee's banks. 
Electronic Data Interchange (EDI) is a similar electronic 
30 transactional system, primarily used for the interchange 
of business documents such as invoices and contracts. 
With EDI, the funds transfer is frequently transmitted 
over other financial networks, such as through electronic 
funds transfer or ACH. 
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So-called hoi&e banking allovs a consumar usa a 
hoaa or personal computer to, e.g., request that the bank 
pay certain bills. 

Electronic funds transfer (EFT) , or wire transfer, 
5 is used for direct transfer of funds f ros a payer to a 
payee, both usually corporations, using a bank's 
centralized computer as an intermediary. The EFT system 
nay be used in conjunction with the ACH system described 
above. 

0 Automatic teller machines (ATM) and point of sale 

(POS) devices allow an individual to conduct a 
transaction from a location outside the home. ATM's have 
remote computer terminals connected to the user's bank 
which allow access, directly or indirectly through 

5 switching networks, to the user's account in the central 
coBq;>uter of the bank. Similarly, POS devices are remote 
computer terminals located at a place of business which 
allow access to an individual's account information 
stored in a conqputer within a network of financial 

0 institutions, to permit transfer of funds from the user's 
account to the merchant's account at another bank* 

Check imaging, another electronic transaction 
procedure, involves the scanning of a paper check by a 
scanner, which digitises the image of the check pixel by 

5 pixel and stores the image electronically in a memory. 
The image may then be transferred electronically to 
substitute for or precede the physical delivery of the 
check, e.g., to truncate the clearing process. The image 
of the check may be recreated on a computer monitor or on 

0 paper for verification by the appropriate banking 
institutions . 

Several systems are currently used to secure 
electronic financial transactions. For example, XC chip 
cards, or smart cards, are small devices (containing 

5 chips with memories) which are capable of exchanging data 
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with a coapufcer or a terminal and of perforaing aiaqple 
data processing functions, arid are thus »ore versatile 
than a siaiple credit card. The snart card is portable 
and nay be easily iised in POS and ATM environments • 

5 IffVTWIllBflrY 

In general, in one aspect, the invention features 
a computer-based method in which an electronic instrument 
is created for effecting a transfer of funds from an 
account of a payer in a funds-holding institution to a 
ID payee, the instrument including an electronic signature 
of the payer. A digital representation of a verifiable 
certificate by the institution of the authenticity of the 
account, the payer, and the public key of the payer is 
appended to the instrument. This en2a>le8 a party 
15 receiving the instnment, e.g., the payee or a bank, to 
verify the payer's signature on the instrument. 

Ixqplementations of the invention may also include 
one or more of the following features. The electronic 
instrxment may include digital representations of (a) 
20 payment instructions, (b) the identity of the payer, (c) 
the identity of the payee, and (d) the identity of the 
funds-holding institution. Digital representations of a 
verifiable signature of the payer may also be appended to 
the electronic instrument. The electronic instrument may 
25 be delivered electronically to the institution at least 
in part via a publicly accessible data communication 
medium. At the institution, the signature of the payer 
and the certificate may be verified in connection with 
transmitting funds to the payee. An account number may 
30 be included in the electronic instrument. The account 
may be a deposit account or a credit account. The 
instrtuent may be an electronic substitute for a check, a 
traveler's check, a certified check, a cashier's check, 
or a credit card charge slip. The publicly accessible 
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data co&ttunicatlon aediua may be unsecured. The 

institution Bay be a bank. 

Also appended to the instrument may be digital 

representations ot a veri£iedE>le signature of the payee, a 
5 verifiable certificate by an institution which holds an 

account of the payee, and a verifiable certificate by a 

central banking authority with respect to the institution 

which holds the payee's account. 

Delivery of the instrument may be in part via a 
0 private controlled secure communication medium and in 

part via , a pxablicly accessible data communication medium. 

The electronic instrument may be delivered from an 

institution which holds an account of the payee to the 

funds-holding institution via an electronic clearing 
5 house. 

At the payee, the signatture of the payer and the 
certificate of the institution may be verified. At the 
institution holding an account of the payee, the 
signatxire of the payer and the certificate of the funds- 

D holding institution may be verified. 

The signatures may be generated by public key 
cryptography. The appending step may be done by a 
separate signature device from the device which performs 
the creation of the electronic instrument. 

5 Digital representations of a proposed transaction 

iand a verifiable signature of the payee may be delivered 
from the payee to the payer at least in part via the 
publicly accessible commiinication network. 

Information may be automatically transferred from 

[> the electronic instrument to a computer-based accounting 
system that tracks accoiints receivable or processes 
orders. A log of electronic instruments may be created. 

In general, in another aspect, the invention 
features apparatus including a portable token having a 

5 memory, a processor, and a port for communication with a 
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coB^uter. The nemory conluiins a private encryption key 
associated with an account in a funds-holding institution 
and which is usable to append a secure, verifiable 
signature to an electronic payment instrument drafted on 
5 the account. 

Iaq;»lementations of the invention may include one 
or more of the following features. The memory may 
contain certification information provided by the 
institution and which is usable to append secure, 
10 verifiable certificates to electronic payment instruments 
to certify a relationship between an owner of the 
signature and a public key of the owner. A unique 
identifier may be assigned to each electronic payment 
instrument. The portable token may be a PCMCIA 
15 compatible card, smart card or smart disk, which may 
inteimally hold a private signature key and a secure 
memory for the check serial number. The ceirtif ication 
information may be given a limited useful life. The 
memory may also contain certification information 
20 provided by a central banking authority and which is 
usable to append secure, verifiable certificates to 
electronic payment instruments to certify the 
authenticity of the funds-holding institution. The 
codification information provided by the central banking 
25 authority may have a limited useful life. The central 
banking authority may be a United States Federal Reserve 
Bank. The memory may also contain a complete or partial 
register of electronic payment instruments, or a subset 
of the information contained in the instruments, to which 
30 signatures have been appended. The appended signature 
may be a signature of a payer who holds the account in 
the institution, or an endorsement signature of a payee. 
The memory may also contain a i^sonal identification 
number for controlling access to the memory. 
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In general, in another aspect, the invention 
features a coaqputer-^based method of creating an 
electronic payment instrument. Digital payment data is 
formed «^ich represents the identity of the payer, the 
5 identity of the payee, and the amount to be paid. Then, 
in a secvire hardware token, a digital signature is 
appended to the data. 

In general, in another aspect, the invention 
features a computer**ba8ed method of endorsing a payment 

10 instrument by entering information included in the 

payment instrument in digital form into a secure hardware 
token and, in the token, appending a digital signature to 
the digital information. 

m general, in another aspect, the invention 

15 features a computer-based method for regulating the use 
of account numbers with respect to accoiints in a funds- 
holding institution. Digital account ntimbers are 
assigned for use by account holders in creating 
electronic instnments, the digital account numbers being 

20 distinct from non-electronic account numbers used by 
account holders with respect to non-electronic 
instruments. At the fund-holding institution, electronic 
Instruments are then accepted from account holders only 
if the electronic instruments include one of the digital 

25 account numbers. In implementations of this featiure, 
each digital account number may be linked with a non- 
electronic account number, and the two numbers may be 
linked with a common account in the institution, so that 
electronic instruments and non-electronic instruments may 

30 be drawn against the same account. 

In general, in another aspect, the invention 
features a computer-based method of attaching a document 
to a related electronic payment instrument by forming a 
cryptographic hash of the document, and appending the 

35 hash to the electronic payment instrument. 
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Zn general, in another aspeot, the invention 
features a coi^>uter«»ba6ed method for reducing fraud with 
respect to deposit of an electronic instrument with a 
funds-holding institution. A key-encrypted signature of 
5 the payee, a public key of the payee, a routing code of 
the institution, and a number of the payee ^s account in 
the institution are included with the instrument, and, at 
the institution, there is automatic checking of the 
routing code and the account number before accepting the 
10 electronic instrument. 

7n general, in another aspect, the invention 
features a computer-based method for reducing fraud 
associated with an electronic payment instrument. A 
cryptographic signature associated with a party to the 
15 instrument is appended to the instrument. Upon receipt 
of an electronic payment instrument, there is automatic 
checking of the cryptographic signature against 
cryptographic signature information of other electronic 
payment instruments previously received. 
20 Advantages of the invention may include one or 

more of the following. 

The invention provides an all-electronic payments 
and deposit gathering instrument that can be initiated 
from a variety of devices, such as a personal computer, 
25 screenphone, ATM or payments accounting system. 

Financial accoiuits may be rapidly and securely settled 
batween trading partners over open public or proprietary 
networks, without requiring pre*»arrangement, by inter- 
connection with the existing bank clearing and settlement 
30 systems infrastructure. The int^rration of controlled 
existing banking commimication systems with rapidly grow- 
ing public networks in a secure fashion will allow for 
implementation and acceptance by banking institutions, 
industry, and consumers. 



W0 9MIM5 



- 10 - 

The invention addresses the problem of gathering 
deposits electronically over piiblic networks, since it 
enables all customers, retail and commercial, to gather, 
transmit and deposit, e.g., cheoks, into their accounts 
5 without physically going to a bank branch. The invention 
provides an electronic payment alternative for trading 
using public data networks to conduct transactions* 

The invention to a degree electronically mimics 
heavily-used and well-sunder stood existing paper check 
10 processes to enable it to be readily accepted by the 

marketplace. By retaining the basic characteristics and 
flexibility of, e.g., the paper check, the invention may 
be adopted more rapidly. Due to its similarity to, e.g., 
paper checks, the invention can be used within the 
15 structure of existing laws, regulations, and standard 
business practices. 

A variety of types of payment Instruments may be 
implemented, e.g., certified checks, cashiers checks and 
credit card charge slips, and additional capabilities may 
20 be provided, e.g., future dating, limit checks, and 
multl^currency payments. 

The invention may be used In all maurket segments, 
from individual consumers to large corporations. It will 
enable businesses to safely and cheaply complete payments 
over public networks. Because the contents of the 
payment Instrument may be attached to the trading 
partner's remittance information, the Instrument will 
easily Integrate with existing or new applications, such 
as accounts receivable systems. 

The security of the payment Instruments enables 
open public networks to be linked to the financial 
payments and bank cleeuring networks in a secure fashion. 
The use of digital signatures, hardware based signing, 
and banks as certification agents, make the Instruments 
trusted and secure. They are tamper-resistant due to the 
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use of oryp^ographlc signatures. This will provide 
greater secturity and reduced fraud losses for all parties 
in the paynents process by eliminating aiost of the c<»aion 
causes of bad paper checks. To provide confidentiality, 
5 the instruments may also be encrypted whBn sent over 
public networks. 

The use of public-key certificates enables easy 
electronic authentication by a payee, and the payee's and 
payer's banks. Digital signatures can be validated 
10 automatically. 

Since the system can be fully automated, and new 
processing can be done outside of existing applications, 
such as a standard Demand Deposit Account (DOA) , the cost 
of processing an electronic instrument will be quite low, 
15 and the costs of implementation minimized. To further 
minimize implementation costs, the electronic instruments 
may be integrated with the existing bank infraatructture, 
including some of the mechanisms currently used for 
interbank clearing of checks and electronic payments, 
20 such as bilateral arrangements, ACH and ECP. 

Payers of all sizes gain substantial benefits. 
The use of electronic checks will be more cost effective 
than existing paper checks due to volume efficiencies and 
the automatic processing capabilities of coa^uters. The 
25 use of electronic mail or electronic transmission is less 
costly than physically transporting paper. In addition 
to the significantly reduced costs of creating and 
mailing a payment (no check stock, envelopes, stamps, or 
incremental labor) , the payer gains the ability to con- 
trol the timing of payments, both through futxire dating 
of payments and through the increased reliability and 
delivery speeds of electronic mail. 

The invention addresses the problem of fraud and 
supports prudent fraud management through integrated 
fraud prevention measures and distributed liability for 
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fraud. These mechanisxas will reduce most of the current 
causes of fraud, including forgery, alteration, 
duplication, and fraudulent depositing. In addition, 
because the electronic checJc inplenentation follows the 
5 check payment model, the potential liability of the banks 
for fraudulent transactions will be limited vhile 
equitably sharing the responsibilities for the integrity 
of the system among payer, payee, and banks. 

An electronic check may be issued from personal 

10 financial software and other coBq;>uting applications, 
through the use of an open programmatic tool set and 
application programming interfaces. Electronic 
instruments capability can be directly integrated into a 
payer's application, and does not require that a payer 

15 "go off*-line" to complete a transaction. This benefit 
will be available to both consumers, through integration 
with packages such as Intuit' s Quicken**, and businesses 
through integration with existing accounting systems. 

Other advantages and features of the invention 

20 will become apparent from the following description and 
from the claims. 



Dasoription 
Figure 1 is a block diagram of a financial 
transaction. 

25 Figure 2 is a flow diagram of the steps of a check 

transaction. 

Figure 3 is a flow diagram of the steps of an 
electronic instrument transaction. 

Figure 4 is a block diagram of a workstation. 
30 Figure 5 is a format of an electronic check 

template example for use with the World Hide Web. 

Figure 6 is a format of an electronic check and 
deposit endorsement instrument. 
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Figura 7 is a block format of a portion of an 
electronic check • 

Figure 8 is a format of a digital cryptographio 
signature based on DDS* 
5 Figure 9 is a block diagram of an electronic 

checkbook card* 

Figure 10 is a block diagram of the interaction 
between a screenphone and a server* 

Figture 11 is a block diagram of a certified check 
10 transaction. 

Figure 12 is a block diagram of a normal 
transaction flov. 

Figure 13 is a block diagram of a cash and 
transfer transaction flow. 
15 Figure 14 is a block diagram of a "lockbox" 

transaction flow. 

Figure 15 is a block diagram of a funds transfer 
transaction flow* 

Figure 16 is a block diagram of an electronic 
20 checkbook application interface. 

Figure 17 is a block diagram of electronic check 
API's, modules and protocols. 

At first we describe an Implementation of the 
invention called an electronic check. 
25 The electronic check is an electronic financial 

instrument which in some respects mimics the paper check. 
It is initiated and routed electronically, uses digital 
signatures for signing and endorsing, and relies on 
digital cryptographic certificates to authenticate the 
30 payer and payee and their respective banks and bank 
accounts and to provide a degree of security to all 
parties to the transaction. 

As seen in Fig. 3, the use of electronic checks 
may take advantage of the interaction between publicly 
35 available, relatively unsecure electronic networks 65, 
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such as the dial-up, Xntemet, virttlass, or e-mail 
networks, and established, relatively secure non-public 
financial networks and systeas 80. Public networks and 
banking networks are distinct entities in terms of the 
5 security of information during transmission over the two 
types of networks. Existing communications approaches in 
the banking system are secure and well disciplined. 
Public electronic networks are unsecured and to some 
degree less disciplined. The cxryptographically sealed 

10 and authenticated electronic check passing across gateway 
60 is the link between the public networks and secured 
financial networks. The gateway filters undesired 
traffic through and helps to prevent corruption of the 
secure financial networks resulting from intentional or 

15 unintentional access by persons operating in the public 
networks . 

As seen in Fig. 3, in a broad sense, a transaction 
is initiated when a payer 12, e.g., a consumer, 
electronically receives a memorandum of a proposed 

20 transaction 66, such as a bill, invoice or order form, 
from a payee 14 , e.g. a merchant. Alternatively, a 
transaction may be initiated by the payer 12 only. The 
memorandxm 66 may contain the payee's digital signatiire, 
which may be generated by the payee's secure 

25 authenticator 68 using public key cryptography. The 
payer 12 validates the payee's signature by using the 
payer's piiblic key to verify the payee's digital 
signature and thus authenticates the payee 14. To 
proceed with the transaction, the payer 12 electronically 

30 creates a financial instrument 74, e.g. an electronic 
check (e.g., on a personal computer), payable to the 
order of the payee 14, and signs and records it using the 
payer's secure authenticator 70. In effect, the secure 
authenticator 70 enables the payer 12 to digitally sign 

35 the instniment 74 with a private signature key and enter 
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tiim teansac^ion In a socure log, such as an slsct:ronic 
checkbook 71* A record of the transaction Bay also be 
kept In the payee's accounting system 72* The 
authenticator also appends to the check cryptographioally 
5 signed certificates of, e.g., the payer's bank and the 
federal reserve bank authenticating the payer's account 
and the payer's bank, respectively, fn^e payer 12 then 
electronically sends the instrunent 74 and the aenorandum 
66 via a public network 65 to the payee 14. 
10 Upon receipt of the instrxment 74 f roa the payer 

12, the payee 14 validates the payee's digital signattire 
using public key cryptography. The payee 14 verifies the 
payer's bank 82 and the payer's account with the 
certificates. The payee 14 also verifies that the 
15 instruaent 74 is not a recent duplicate, and holds it in 
storage until the date specified by the payer 12, if 
necessary. The payee 14 endorses the instruaent 74 with 
the payee's digital signature using its authenticator 68. 
In effect, this enables the payee 14 digitally to sign 
20 the instrument 74 with a private signature key and enters 
the transaction in a secure log, such as an electronic 
checkbook 69. The authenticator also appends to the 
check cryptographioally signed certificates of, e.g., the 
payee's bank and the federal reserve bank authenticating 
25 the payee's account and the payee's bank, respectively. 
The payee 14 detaches the memorandum 66 and forwards the 
memorandum and appropriate payment information from the 
electronic check to the payee's accounts receivable 
system 76. Finally, the payee 14 electronically 
30 deposits, typically via a public network, the instrtiment 
74 with the banking institution which maintains the 
payee's account 78. 

The payee's bank 78 receives the endorsed 
Instrument 74 deposited by the payee 14, validates both 
35 the payee's digital signature of endorsement and the 



W0 9601M5 



FCTAJS9M4771 



- 16 - 

payer's original dl9it:al signature using public key 
cryptography, verifies that the instrument 74 is not a 
reccmt duplicate and that the date of the instrument 74 
is valid and checks the certificates. The payee's bank 

5 78 then credits the sum of money specified in the 
instrument 74 to the payee's account and clears the 
instrument 74 with the payer's bank 82 via existing 
electronic settlement procedures, e.g., bilateral 
arrangement, ECP, ACH, ATH, EFT, or check imaging. The 

0 settlement procedures are carried out over a network 80 
connecting the computers of a large number of beuiking 
institutions, the network 80 itself indirectly connect^l 
with the public network 65. 

After clearance of the instrument, the payer's 

5 banking institution 82 receives the processed instrument 
74. The payer's bank 82 validates both the payer's and 
the payee's slgnat\ures using public key cryptography. 
The payer's bank 82 also verifies that the instrument 74 
is not a duplicate and that the date of the instrument 74 

0 la valid, and checks the certificates. If there are 
sufficient funds to cover the face value of the 
instrument 74 in the payer's accounti the payer's bank 82 
debits the payer's account, treating the item as a normal 
DDA transaction, and electronically sends payment to the 

5 payee's bank 78 over the financial network 80 to settle 
the payment. The instrument 74 is archived for permanent 
storage and retrieval 83 at the payer's bank or 
elsewhere. 

After the transaction has been completed, the 
0 payer's bank 82 issues a DDA statement 84 to the payer 12 
reflecting the debit to the payer's account, and the 
payee's bank 78 issues a statement, report or accounts 
receivable update 86 to the payee 14 reflecting the 
credit to the payee's account. Supplementary information 
5 related to the transaction in the instrument 74, such as 
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the payer's and payee's names or memo lines, can be 
included in the statement 84 or the report 86. The 
information contained in the statement 84 and the report 
86 may be automatically compared with the payer's 
5 accounting system 72 and the payee's accotints receivable 
system 74, respectively, to verify that the transaction 
was carried out properly. 

As seen in Fig. 4, a financial instrument such as 
an electronic check may be created or verified and 
10 endorsed at a computer terminal or workstation, such as 
the payer's workstation 90 or the payee's workstation 92. 
Both workstations have the same general format. Each has 
a CPU with disk storage and memory and a keyboard, mouse 
and display for interaction with the user. Modems 91 and 
15 93 (or other network connections) are attached to the 
workstations 90 and 92 permit information, including the 
electronic check, to be passed electronically to other 
parties to the transaction via one of the electronic 
networks. Each workstation 90 and 92 also has a PCMCIA 
20 port 98 and 100, into which a signature card, such as a 
PCMCIA card 94 or 96, may be inserted. The PCMCIA card 
94 or 96 is an electronic device that acts as the user's 
digital signature card, provides a secure means for 
generating a signature with a private signatiure key, and 
25 acts as an electronic checkbook. Alternatively, the 

electronic checkbook with its register may be a separate 
card from the digital signature card. 

Each workstation 90 and 92 contains a software 
package 102 or 104 to be run by the CPU. Besides the 
30 usual operating system, the software package contains 
programs for handling electronic checks. The payer's 
workstation 90 has manipulations of the electronic 
checkbook as one of its software applications, including 
invoking the signature fxinction of the PCMCIA card 94 to 
35 attach the payer's signature to an electronic check. The 
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electronic checkbook application prepares an electronic 
check to be sent to the payee 14 upon the input of the 
necessary information by the payer 12 and records the 
transaction in a secxare electronic register 95 • The 
5 payer's workstation 90 also has finance software for 
keeping track of the payer's transactions and 
coxaxQvmications software for sending the electronic check 
and other information electronically over one of the 
networks from its modem 91 to another party's modem » 

10 The payee's workstation 92 similarly has finance 

and comniunications software applications • However, the 
payee's workstation 92 has software for preparing an 
order or invoice to be sent to the payer 12 • It also 
contains software for invoking the signature function of 

15 the PCMCIA signature card 96 to attach the payee's 

signature to an electronic check as an endorsement before 
the payee 14 sends the electronic check to the payee's 
bank for deposit. 

The format of an electronic check is similar to 

20 the format of a conventional paper check. The electronic 
check is a standardized text block consisting of the 
check body, one or more signatures and one or more 
endorsements and certificates. It is formatted as a 
series of 7 bit ASCII text lines using a restricted 

25 character set in order to be compatible with a wide 
variety of electronic mail systems, including those 
implementing the Internet simple Mail Transfer Protocol. 
The format of the electronic check is based on tagged 
value pairs. Each information line is composed of a 

30 label name and a value, e.g., amount=$l9.95. 

An electronic check is typically created with a 
template document, as seen in Fig. 5. The top portion 
106 of the template 105 is contains the payee's 
remittance information. The bottom portion 107 of the 

35 template contains field that the payer completes to 
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prepare the electronic check. The template nay be sent 
by e-mail from the payee to the payer, in which caae the 
payer can use an editor or word processor to enter order 
and remittance information. The checX body can also be 
5 pre-formatted by the payee with the amount, "pay to the 
order of", and payer's public key lines already 
completed, allowing the payer to enter minimal 
information into the body of the electronic check before 
signing it. Alternatively, the payer can use a general 
10 template and an editor, word processor or other 
application, such as Quicken, to create a properly 
formatted electronic check. 

Once the template is filled in by the payer, the 
electronic check is signed by passing it through the 
15 payer's electronic checkbook. The electronic checkbook 
is contained within a PCMCIA card containing the payer's 
private signature key and certificates from the bank and 
the federal reserve. The certificates are 
cryptographically signed letters of reference attesting 
20 to the validity of the payer's account and the payer's 
authority to write checks against the account, and the 
bank, respectively. 

For example, in Fig. 6, electronic check 110 
contains an identification number for the electronic 
25 check 112, the date that the electronic check was created 
114, an order to the bank to pay a certain sum of money 
116, the name of the payee 118, the payee's public key 
119, the sum of money to be paid 120, the payer's account 
nximber 122, the name, address and telephone number of the 
30 payer 124, and the payer's signature 126 in digital 

format verifiable using the payer's public signature key 
134. An additional feature of an electronic check 
delivered over a public network is the payer's network 
address 128, e.g. an Internet address, to permit the 
35 payee to acknowledge receipt of the electronic check. 
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The electronic check also may contain a neno line 130 for 
storing infomation personal to the payer and a secure 
hash algorithm (SHA) 132 resulting from a calculation 
over an associated docximent, to attach securely items 
5 such as an invoice received from the payee. 

The standardized format of an electronic check 
makes it a flexible instrument, permitting multiple 
signatures, annotations and transformation into other 
document types. The standardized electronic check is 

10 also usable over different transportation means, such as 
the Internet and e-mail. In particular, the transport 
protocols include FTP, STTP and HTTP for the Internet. 
The format of the electronic check is independent of the 
transport protocol. 

15 Further, the format of an electronic check is 

modular, in that several information lines can be grouped 
as a block, as seen in Fig. 7. Any number of information 
lines 3 grouped between begin and end lines 4 and 5 is a 
block 6. Each block has an identifying name which is 

20 used to reference it, and blocks can be combined to form 
other more complicated documents with a meta line 7. The 
modularity of electronic checks also allows for 
independent signature of any block by any entity and for 
use of the system for other financial instrviments , such 

25 as letters of credit and loan documents. 

The security and authentication aspects of 
electronic checks are supported by digital signatures 
using public key cryptography. Public key cryptography 
uses very large numbers and complex mathematical 

30 calculations to protect the integrity and secrecy of an 
encoded electronic transmission. As seen in Fig. 8, a 
digital cryptographic signature 101 is a long number or 
numbers (here expressed in hexadecimal notation) 102 
which are produced by the signer's use of his private 

35 signature key and the message to be signed as inputs to 
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th« pxablic key signature algorithm. The signature may 
also be accompanied by a date and time stamp 103. The 
cryptographic Infrastructure Is used to authenticate the 
payer and account, electronic check document and Issuing 
5 bank, and to securely seal the electronic check, 

permitting the use of public networks for sending the 
electronic check. Most importantly, digital signatures 
may be used to verify a document after Issuance. 

A public key, applied to verify a cryptographic 
10 digital signature, is always generated in conjunction 
with the private key which is used to create the 
signature. The payer's digital signature 126, the 
payer's public verification key 134, and the message 
which was signed are used as inputs to the public key 
15 signature verification algorithm, which produces a true 
or false value. Public key cryptographic signatures are 
useful because the signature of a signer, computed using 
the signer's private key, can be verified by anyone else 
who knows the signer's public key. Since the signer 
20 computes his signattire on a document using his private 
key, and since the verifier verifies the signer's 
signature using the signer's public key, there must be a 
way for the verifier to trust the association between the 
signer (and his account information) and the public key 
25 used to verify the signer's signature on the electronic 
check. Cryptographic signatures are used to sign checks 
when they are written, co-signed, endorsed and processed. 
Cryptographic signatures are also used by certification 
authorities to sign certificates or "letters of 
30 reference** that contain a name or description of a signer 
and the signer's public key. Thus, anyone who trusts the 
certification authority and who knows the certification 
authority's widely pia>lici2ed signature verification key 
can verify the certificate and trust the signer's public 
35 key for use in verifying the signer's signature. 
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A pairty signdLng an elftcteonic check is the only 
entity In possession of its private signature key. The 
private signature key need never be exposed to a third 
party, making it difficult to forge. The private 
5 signature key generates a cryptographic signature in a 
secret code, which is unique and is identified only with 
the signer. Signature cards always keep the private key 
internal to the processor and meaory on the card. The 
document to be signed is sent into the signature card, 

10 and the signature card uses the private key to compute 
the signature* The private key is never accessible via 
the card's connector. 

The public signature key must be used in 
conjunction with a cryptographic signature verification 

15 algorithm upon receipt of the signer's signature to 

verify the signature. The public signature key is known 
and used by others, ^o obtain the public keys prior to 
or during a transaction. The use of pxiblic key 
cryptography allows the public keys to be used and stored 

20 independently of the private keys. However, the public 
and private keys are mathematically linked, since they 
are generated as a pair. 

Tamper-resistant signature cards or other hardware 
devices are useful to compute the cryptographic digital 

25 signatures without the possibility of disclosing the 
signer's private signature key. Tamper-proofing of an 
electronic check and associated information is achieved 
using digital signatures and a secure hash algorithm. 
Signature cards, or special cryptographic processors, can 

30 be used to better secure the private keys and greatly 
reduce the need for diligence and skill on the part of 
the account holders to secure their keys, especially 
against attacks through network connections by coaqputer 
hackers. Further, the signature card may keep a non- 
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erasable log of docuaents signed, so that the holder can 
review ^rtiether all uses of the card have been legitiaate. 

One difference between an electronic check and a 
paper check is the presence of authenticating 
5 certificates, in particular an account certificate 136 
and a bank certificate 138. The payer can expedite the 
establishnent of trust among the parties to the 
transaction by enclosing with the signed check a "letter 
of reference" or cryptographic certificate 136 regarding 
10 the payer's account, stating the payer's naae, address 
and telephone niunber 124 and Intexiiet address 128, 
account number 122, and public signature verification key 
134, signed by the bank holding the payer's account with 
its digital signature private key 140. Similarly, a 
15 second letter of reference or certificate 138 regarding 
the payer's bank states the payer's bank's name 142, 
address 144, electronic network routing code 146 and 
ptiblic signature verification key 148, signed by a 
central body such as the federal reserve with its digital 
20 signature private key 150. Therefore, anyone knowing the 
federal reserve's public signature verification key 152 
can sequentially verify the bank's certificate 138, the 
accoiint certificate 136, and then the payer's signature 
126 on the electronic check. 
25 The certificates are the electronic check 

mechanism for providing a trusted identification between 
trading partners. The trust mechanism currently used is 
pre-arrangement of the transaction, so that the receiving 
PAZ^y Is assured of the secure transmission of the 
30 transaction. The structure of the electronic check 

system with certificates enables banks or their agents, 
in the role of trusted parties, to provide certificates 
that validate the identity and authenticity of the 
electronic check Issuer. Trading partners will be able 
35 to validate these certificates, if desired, on-line, and 
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conduct business without: pro-arrango»ent, tout vitto tlie 
assurance that the other party to the transaction is 
authentic. 

The use of certificates in the electronic chetik 
5 systes permits validation at any point, by anyone, in the 
payaent cycle. Electronic checks and electrcmic 
chedcbooks can be authenticated by the use of public key 
certificates at any point in the settleaent cycle by the 
payee or the bank. Further, deposit slips and 

10 endorsesents by the payee nay be cryptographically linked 
to an electronic check as it is processed, resulting in 
an electronic document suitable for archiving and use as 
evidence of payaent. 

In order for payers to detemine the public 

15 signature keys of payees, and thereby help to ensure that 
their checks are paid to the correct person, it nay 
useful to publish the public signature keys in a public 
directory. Alternatively, the payee can furnish his 
public signature key and certificates with the order 

20 blank, invoice or renittanee infonaation. In this case, 
the payer nay consult the certificate revocation list 
(CRL) portion of the directory service to deteraine 
whether the certificate and account are still valid. 
Similarly, the payee may consult the CRL to determine the 

25 status of the payer's account prior to endorsing and 
depositing the electronic check. 

An electronic check may be delivered by hand, 
direct transmission or piiblic electronic mail syst«i». 
An electronic check may be printed out at the bank of 

30 first deposit and passed through the system as a paper 
check. The signatures and certificates are also produced 
with OCR and scanned by the issuing beunk. Electronic 
checks transmitted via electronic mail may be accessed at 
personal coaqputers with industry-standard protocols or 

35 Application Programming Interfaces (API's), such as VM 
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or M&PZ, or tbey itay be enbeddad vltiliin dedicated 
application protocols such as the HTTP server protocol 
used by Internet World Hide Web servers. In either case, 
the f omat of the electronic checdc is independent of the 
5 underlying transmission protocol. Further, disclosure of 
the electronic checlc instnment during transmission will 
not enable fraudulent presentation by others. Thus, the 
payee need not acknowledge receipt of the electronic 
checdc. However, the payer's e-mail address is included 
10 to peziftit acknowledgement. Systems providing certified 
electronic mail may be used to provide a guarantee of 
delivery. 

Upon receipt of the signed electronic check and 
associated order, invoice or remittance infonsation, the 

15 payee processes the payer's order, extracts the 

electronic check and endorses the electronic check. The 
endorsement is done by the payee's electronic checkbook, 
which signs the check, adds its own endorsement 
information and appends the payee's certificate 

20 information. The payee's PCMCIA card also automatically 
assigns sequential transaction numbers to endorsements to 
ensure that each endorsement is unique. This number 
should be included in the deposit and clearing 
information, so that the payee cem reconcile cheoks 

25 mailed to the payer's bank for cashing with the deposits 
recorded in his bank statement. 

Upon endorsing the electronic check, the payee 
creates a deposit instrument 160 which is attached to the 
electronic check 110, as shown in Fig. 6. The deposit 

30 instrument 160 may contain some of the same information 
as in the endorsement, such as the payee's account 
number. The deposit instrument 160 contains an 
identification number 162, the date 164, and the sum of 
money to be deposited 166. It also contains the payee's 

35 account number 168, the name, address and telephone 
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number of the payee 170, the payee's Internet addbress 174 
and the payee's signature 175 in digital format readable 
using the payee's public signature key 172. The deposit 
instrument 160 also may contain a memo line 180. 
5 She deposit instrument may also contain an account 

certificate 190 and a bank cexrtificate 192. The account 
certificate 190 states the payee's name, address and 
telephone number 170 and Internet address 174, account 
number 168, and public signature verification key 172, 

10 signed by the bank holding the payee's account with its 
digital signature 176. Similarly, the bank certificate 
192 regarding the payee's bank states the payee bank's 
name 178, address 182, electronic network routing code 
184 and public signature verification key 186, signed by 

15 a central body such as the federal reserve with its 
digital signature 188. Anyone knowing the federal 
reserve's public signature verification key 152 can 
sequentially verify the bank certificate 192, the account 
certificate 190, and then the payee's signature 175 on 

20 the electronic check. 

The endorsement function of the electronic 
checkbook need not be as secure as in the case of 
originally signing an electronic check. However, a 
heightened level of security is needed if the same 

25 signature card is used by the payee for both check 
writing amd endorsement. 

The endorsed check is then forwarded to the 
payee's bank to be deposited or cashed, with the proceeds 
to be deposited to the payee's account. Payments or 

30 deposits consisting of electronic checks are gathered by 
banks via e**fliail or other protocols and cleared through 
standard banking channels, such as bilateral agreement, 
ACH or ECP, automatically following the bank routing code 
146. 
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U|>on receipt of the endorsed check after 
clearance, the payer's bank verifies that the check was 
properly endorsed using the payee's public signature key. 
It also verifies the payer's signature, and optionally 
5 the account and bank certificates. The amount of the 
check is debited from the payer's account, assuming 
available funds, and then stored for archival purposes. 
Finally, an ACH credit transaction is originated to 
settle with the payee bank (or multiple transactions with 
10 the payee bank may be settled in an accumulated group) , 
which credits the proceeds of the cashed check to the 
payee's account at the payee's bank, if the size of the 
check so warrants, the payee's account may be credited by 
Fed Hire or other expedited processing. For example, the 
15 payer's bank may e-mail notification to the payee's bank 
for crediting prior to receipt of actual funds by other 
means. 

The payer's bank will return the endorsed 
electronic check to the payee if it cannot be cashed, 
20 e.g. due to insufficient funds, or if the deposit 

transaction fails, e.g. the payee's account is closed. 
For exaaiple, if the deposit transaction fails, the 
payer's account may credited with the amount of the 
returned check in some flows. 
25 The payer's and payee's banks provide statements 

or reports to the payer and the payee, respectively, 
regarding their electronic check transactions. These 
statements may be generated electronically or on paper. 
The payer's bank may include a copy of the electronic 
30 check with the payer's statement. The payee's bank may 
identify the payee's deposit transaction on the payee's 
statement, including the deposit number, so that the 
payee can reconcile an electronic check sent 
electronically to the bank for cashing with the 
35 transactions actually credited to the payee's account. 
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The priaairy securl^ element of electronic checks 
Is the use of an electronic checkbooK in the form of a 
PCMCIA card, ^ich generates an electronic check and 
stores a record of it in a secure check register. 
5 Possibly suitable PCMCIA cards are Tessera, National 
Semiconductor's iPover and the Teleguip CryptaPlus card. 
Alternatively, the electronic checkbook may be 
implemented in an ISO format IC chip smart card or smart 
disk (perhaps without the check register due to memory 

10 limitations) , or it may be implemented in cryptographic 
hardware processors for use by systems that process large 
volumes of checks or maintain a number of electronic 
checkbooks. The PCMCIA card is ideal for a transaction 
between two personal coa^uters, but the smaller and more 

15 portable smart card is better suited to a POS transaction 
at a merchant's premises (if the appropriate smart card 
reader is implemented) • 

A PCMCIA card is an electronic device that 
provides greater security for a financial transaction. A 

20 PCMCIA card, or in the case of mainframe accounting 
systems, a secure black box, e.g. a Racal's Guar data, 
protects transactional systems from unauthorized access. 
The PCMCIA card is a separate, narrowly defined, secure 
electronic environment used in conjunction with a 

25 terminal such as a personal coaqputer. Information passes 
back and forth between the PCMCIA card and the terminal 
or workstation* 

The tamper-resistant PCMCIA card contains a 
mechanism to generate or store unique check identifiers 

30 and calculates and verifies digital signatures and 

certificates using public key cryptography^ The PCMCIA 
card securely stores the user's private cryptographic 
key, which is used to digitally sign electronic checks 
when they are written and endorsed. The PCMCIA card is 

35 preferably initialized by deriving its own random private 
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koy using an internal hardvare random nuaber generator* 
Certificates are provided and backed by a Certificate 
Issuing System (CIS) . 

Tbe PCMCIA card is also protected by providing for 
5 entry of a personal identification nusber (PIH) • The PIN 
and private signature key must be stored in the 
electronic checkbook in such a vay that they cannot be 
read out through the electronic interface of the 
electronic checkbook. Some mechanical action may be 
10 required of the payer for each new check, either 
reinsertion of the PCMCIA card into its port on the 
payer's vorkstation or activation by a push button on the 
card itself, to guard against fraudulent use of the card 
once it is attached to the payer's coaputer* 
15 Additionally, a time-out mechanism may be used. The 
PCMCIA card also maintains a register of checks signed 
and issued. The electronic check register should be kept 
in the PCMCIA card for security reasons, and it should be 
read only from the PCMCIA's interface. The register may 
20 be read, but not overvritten. 

As seen in Pig. 9, a PCMCIA card 200 must contain 
at least the PCMCIA card serial number 202, the pin 204, 
the cryptographic function 199, the signer's private 
signature key 206, and check and endorsement logs 224 and 
25 226 in a register 222. The public keys for the federal 
reserve 220, the account certificate 208 and the bank 
certificate 210 may be kept on the PCMCIA card, but 
storing them in the vorkstation permits verification 
using the federal reserve's public key in the case of 
30 suspected alteration of the certificates. The electronic 
checkbook should be accessed usii^ a standard API 228. 
The input and output of the electronic checkbook should 
be conqpatible with mail user agents, file editors and 
other software for general uses, as well as specialised 
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financial applications, on a variety of platforms 
including personal coiq;niters and %rorkstations. 

The electronic checkbook contains a register 222 
that functions like a conventional checkbook register, 
5 but without account balances. When an electronic check 
is created, the electronic check number, date, aaoimt, 
payee, signature and hash are recorded in a check log 
224. For each deposit nade into the electronic check 
accoimt endorsed by the electronic checkbocdc, the deposit 

10 number, date and amount are stored in an endorsement log 
226, If the electronic checkbook has the capability, 
there may also be entries for bank fees and interest 
earned on the account. Integrating the electronic 
checkbook with other software applications would allow 

15 the electronic check accoimt to be automatically 

balanced. Since the register may only have a limited 
memory space, the oldest transactional items are removed 
automatically when the memory has been exhausted. 

The PCSfCIA card 200 acts as an electronic 

20 checkbook in conjunction with various application 
fimctions 221. For example, an interface with the 
Internet is set up in a World Wide Web browser and 
server. There is also a form generator for electronic 
checks and other forms. In particular, a merchant will 

25 have applications such as a sales catalog, accounts 
receivable and order processing. There are also 
communications and other personal finance application 
functions. The output 223 of the PCMCIA card is an 
electronic check, either signed by the payer or endorsed 

30 by the payee. A QIF formatted file or an applications 
interface file are generated in software outside the 
electronic checkbook. 

The electronic checkbook 200 should also be 
coaq^atible with a screen-based telephone 250 connected to 

35 a dial-up server 252, as seen in Fig. 10. In this case. 
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most: of the con1:en^ of the electronic check would be 
asseMbled by the screenphone 250 and the server 252 using 
Information stored by each. The variable information, 
such as the payee and amount, vould be sent from the 
5 screenphone to the server as part of the on-line 
transaction. To ccmplete the electronic check, the 
screenphone would enable the electronic checkbook 200 
using the payer's PIN 204, the electronic checkbook would 
sign the electronic check, and the screenphone would send 
10 the signature to the server. The server would verify the 
signature and assemble the completed and valid electronic 
check for mailing to the payee 14. 

The PCMCIA card prefixes each electronic check 
with its serial number, which is imbedded in the 

15 processor of the card during its manufacture. This 

number helps determine Aether the electronic check was 
signed by a legitimate electronic checkbook in case of 
fraud investigations. The PCMCIA card also automatically 
increments the numbers of the electronic checks. Since 

20 the check numbers for each PCMCIA card will be sequential 
and since each PCMCIA card will have its own public 
signature key, every chedk will be unique. 

Another feature of the PCMCIA card is the use of a 
secure hash algorithm (SKA), such as an HIST Secure Hash 

25 Algorithm, with respect to documents or information 

associated with or attached to an electronic check. This 
feattare ••seals" the associated information and binds it 
to the signcKl electronic check. The payee can then 
verify that the associated information belongs with the 

30 electronic check and has not been changed after the 
electronic check was signed. 

The only function irtiich must be performed by the 
PCMCIA card is creating the signature, since the payer's 
Private signature key can never be allowed to leave the 

35 PCMCIA card, for security reasons. However, better 



PCTAJS9«D4r71 



• 32 - 

security is achieved if tbe SBK of tbe electronic check 
is also performed by the PCMCIA card, so that the PCMCIA 
can be sure that the nimber, date, payee and asount 
logged into the PCMCIA card are the ones used in the 

5 conputation of the SHA. 

The electronic checdcbocdc is issued by the bank 
that holds the electronic checking account* Initialised 
electronic checkbooks may be sent to the account holder, 
in which case the PIN should be sent separately for 

0 security reasons. Alternatively, uninitialised cards may 
be distributed to bank branches. The bank officer can 
then use a trusted initialization teaninal and a special 
smart ceurd identifying the bank officer to established a 
secure connection to a centralized CIS. The new card is 

5 inserted into the terminal to be initialized. This 

method has the advantage of making electronic checkbooks 
immediately available to new customers, accounts can be 
added to electronic checkbooks already being used by the 
customer, and certificates can be refreshed prior to 

0 their expiration dates without issuing new electronic 
checkbooks. The bank, or its agent, is also acting as a 
certifying authority since it is responsible for 
authenticating the identity of the electronic checkbook 
holder and for ensuring that the electronic checkbook and 

5 PIN are delivered to the correct person. The electronic 
check may also support correspondent banking 
relationships, and will allow another bank or approved 
third party to act as a stand*in processor for electronic 
checks for banks that are unable to directly support the 

0 processing requirements for electronic checks. This will 
facilitate electronic check deployment in a secure way 
without affecting the traditional bank-customer 
relationship • 

Similar functions to those of the PCMCIA card can 

5 be served by large scale cryptographic processors, such 
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as Atalla or Racal Guardata boxes, for large operations 
where individual signatiure cards are impractical. For 
servers or mainframes which issue or endorse a large 
voltime of checks, or which issue or endorse checks on 
5 behalf of a number of account holders, the processing and 
key storage capacities of signature cards may be 
exceeded. In this case, special cryptographic hardware 
must be used* 

Although the electronic check's primary use is to 
10 make electronic payments on public networks, it may be 
used in any situation where a paper check would be used. 
For example, banks will use electronic checks to gather 
electronic deposits from public network users, providing 
an opportunity for complete full service electronic 
15 remote banking anywhere the customer is connected. PCS 
and ATM implementations are also possible. 

The electronic check also provides a generic model 
for all electronic, digitally signed and authenticated 
financial instruments. The check provides a well 
20 tmderstood model for payment, and its electronic analog 
is necessary for electronic commerce, even if other forms 
of electronic payment exist. The electronic check will 
tie other forms of payment into the financial 
infrastructure, since checks end up involved at some 
25 point in most payment mechanisms. 

Through ispecif ication of user-defined attribute 
parameters and routing information, the electronic check, 
unlike a paper check, can be made to resemble other 
financial payments instruments. The flexibility of the 
30 parametric approach enables multiple electronic payments 
instruments to meet current needs, while providing for 
new financial instruments. The electronic check may 
embrace a wide variety of the debit and funds transfer 
fvmctions found in today's banking, as well as other 
35 functions yet to be introduced. The provision of new 
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paraMtttTs vould anablo a variety of sispla and coi^und 
tiransactionB, such as cashier ^s and certified checdcs, 
drafts on a savings account or lines of credit, 
traveler's checks, credit card debits or credits, foreign 
5 or Multi-currency drafts, and "split" or "limit* checks 
that say be endorsed "up to" a predefined limit. These 
possible instruments will present new processing options. 
For example, an electronic check may be made out such 
that it is valid up to a certain amount, e.g., for a 

10 hotel room deposit. When endorsed, the electronic check 
can then be endorsed for the actual amount of the 
expense, up to the previously defined limit. Other 
examples may include letters of credit, loan agreements 
and loan applications. In some cases, changing the 

15 instrument type may change the conceptual flow, or 

routing information; in other cases, the flow may remain 
unchanged. 

For example, as seen in Fig. 11, a certified 
electronic check involves a payer 12 creating an 

20 electronic check in the usual manner as described above. 
Certified checks are endorsed and cashed similar to 
normal checks, except that the payee 14 is guaranteed 
that the funds are available. The payer 12 e-mails the 
electronic check to the payer's bank 36 for 

25 certification. The bank may require the use of privacy 
enhanced mail or an equivalent to ensure the identity of 
the payer and that the communication with the payer is 
confidential. The bank will then append a certifying 
signature to the check and e-mail it back to the payer. 

30 Upon receipt of the certified electronic check, the payee 
can verify the bank's certification signature as part of 
the validation of the checdc. 

As seen in Figs. 12-15, there are multiple 
scenarios for the functional flow of electronic checks. 

35 In the "deposit and clear" scenario (Fig. 12), the payer 
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12 receives a bill or invoice from the payee, issuee an 
electronic check, and sends it to the payee. The payee 
14 endorses the electronic check and presents it to his 
bank 46 which, in turn, will settle it with the payer's 
5 bank 36. This is the usual format, as described in 

detail above, in the "cash and transfer" or "Z" scenario 
(Pig. 13), the payer 12 receives a bill or invoice from 
the payee, issues an electronic check, and sends it to 
the payee. The payee 14 endorses the electronic check 
10 and presents it directly to the payer's bank 36, which 
sends payment to the payee's accotint at his bank 46. Por 
the "locdcbox" scenario (Pig. 14), the payer 12 receives a 
bill or invoice from the payee 14, issues an electronic 
check, and sends it to the payee's bank 46, either 
15 directly or via a lockbox 260 or other secure 

intermediary. The payee's bank 46 then sends accounts 
receivable information to the payee and dears the 
payment with the payer's bank 36. In this scenario, 
there may be no payee endorsement. Finally, in the 
"funds transfer" scenario (Fig. is) , the payer 12 
receives a bill or invoice from his bank 36 (assuming 
electronic bill presentment allows for capture of the 
payee's bills by the payer's bank) , issues an electronic 
check, and sends it to his bank. The payer's bank 36, in 
25 turn, transfers funds to the payee's account at the 

payee's bank 46, which sends a record of the transaction 
to the payee 14 with accounts receivable information. 

It is clear that electronic checks can be used 
directly between individual parties, or through third 
30 party service providers. Electronic checks can be 
exchanged consumer to consumer, consumer to business, 
business to consumer, and business to business. If the 
payer is a business, then the requirements for signing 
and logging capaci^ in the electronic checkbook may be 
greater due to volume requirements. 



20 
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Tbe f orsate of an •Ittcteonic dieck and thm mntirm 
electronic die^ systea will be unifon, so lihat the 
electronic ctiedc system aay be Interconnected and used in 
conjunction vith standard Application Programing 
5 Interfaces (API's), such as standard electronic checkbooik 
interfaces and electronic checlc display interfaces. 
API's apply on the level of individual check processing 
as veil as integration of the entire systen. For 
exaq;>le, the C language may be used to define an 

Id electronic check vith field such as the date, the amount 
and the payee. Also, the Internet World Hide Neb brovser 
interacts vith the electronic checkbook using an API to 
create the cosplete electronic check. The electronic 
check API's do not change, so that the system may be 

15 interfaced vith any system by revriting the particular 
system API and the link to the electronic check system. 

For example, as seen in Fig* 16, an electronic 
checkbook 200 sends an electronic check over the netvork 
65 after interfacing vith a driver 201 at a connector 

20 interface 205. The driver 201 vorks under a driver API 
203, vhic^ is connected to the signer's application 
softvare 207. Through a mail API 209, the completed 
electronic check is sent over the netvork 65. 

The electronic check system may be considered a 

25 module %rtxich provides services to other modules and to 
API's. The flov of an electronic check throu^ the 
system is governed by a series of protocols. The API's 
provide electronic check services to user interface 
applications, to financial applications such as bill 

30 payment, and to third party applications. The modular 
design of electronic checks also permits separation of 
the cryptographic ftinctions from the applications vhich 
%rrite and endorse checks, both physically and logically, 
to facilitate application of the cryptographic 
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infraBtructura t:o secure other financial instruBantusi oar 
docuMents; i.e., t%ro cards »ay be used. 

The five primary applications and API's needed for 
the electronic check system are managesent, check 
5 writing, check acceptance and endorsement, check clearing 
and reconciliation. Management functions allov for card 
issuance, inactivation, reactivation, and signature key 
management functions. Check writing is assumed to be 
P^formed by the payer, acceptance and endorsement by a 
10 payee, clearing by the banks, and reconciliation by the 
payer. Most users and organisation will assume the roles 
of both payer and payee, but at different times. 

There is a base set of supporting modules. These 
base modules provide for the creation, destruction, and 
15 manipulation of a parameterized electronic financial 

instrument (the electronic check) , the Interpretation of 
such Instruments as electronic chedks, the generation and 
verification of digital signatures on the payment 
instruments, and the interaction with electronic 
20 checkbook hardvare devices. 

API functions for supporting the application needs 
described include a "write* function, for creating an 
electronic check, bdLnding it to an attached document (if 
present) and signing the electronic check; a "co-sign** 
25 function, for appending a second signature to the 
electronic check; a "verify* function, for verifying 
signatures on a check and validating the binding to an 
associated document (if present); an "endorse" function, 
for verifying signatures on the check, and if valid, 
30 appending an endorsement and signing the check to be 
deposited or cashed; a "register read" function, for 
reading the contents of the check register contained in 
the electronic checkbook; and a "register entry" 
function, for appending an entry to the check register. 
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for exaB^le, an •XActironlc check can be a^^adied 
to electronic remittance Inforaation provided by a rercte 
payee. This enables the payaent to be aade, routed 
correctly and autonatically poeted to both parties' 
5 accounting systeu. Integration with siercqpayaent 

accounting systess for hi0» volume, small value financial 
transactions will enable those systems to settle accounts 
using an electronic checks. The standardiaation of the 
electronic checkbook interfaces and the API's to access 

10 electronic checkbook functions si]q;>lifies integration 
with a variety of home and small business accounting and 
communications software packages. By defining the layout 
of the electronic cdieck, the information it contains 
(e.g., account number and amount) can be readily 

15 extracted from the electronic check and used in other 
applications through the API's. 

Additional API functions are used to process 
ancillary electronic messages such as acknowledgment of 
deposit, returned c^ecOcs, and electronic statements. The 

20 parametric financial instrument approach allows reuse of 
the cryptographic infrastructure, especially the verify 
function, to safeguard the integrity of these messages. 
Por instance, the verify function can be used by the 
payee to verify the signature of the payer, as well as by 

25 the payee's bank and the payer's bank to verify check 
signatures and endorsements prior to further processing 
to cash or clear the electronic check. 

The API functions will be iiy>lemented by a 
combination of software operating in the user's personal 

30 computer and in the electronic checkbook hardware. In 
the case of a PC Card, using the PCMCIA interface and 
standard Card and Socket services, most of the functions 
may be iaqplemented on the PC Card since it can support 
substantial processing, memory and interface bit rate. 

35 This approach maximises the portability of electronic 
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checking inf oraatlon bacausa tha electeonic checkbook 
register function is physically coupled to the signature 
f miction. 

The electronic cdieck functions in an environment 
5 of progranatic tools, including interacting API's, 

nodules and protocols* As seen in Fig. 17, an electronic 
check is generated at the payer's workstation using 
signature card API's 300 and electronic checkbook API's 
302. The electronic check is transnitted by the payee 
10 using electronic nail and transport API's 304. The 
payee's workstation also receives the electronic che^ 
through its electronic nail and transport API's 306. The 
electronic check is integrated into the software of the 
payee's workstation using an electronic check translator 
15 nodule and is acted upon by the software in application 
nodules 308. The electronic check nodules 310 include 
extraction of the check fron the transnission, electronic 
check validation, and extraction of the renittance 
originally sent fron the payee to the payer. After 
20 applying endorsenent API's 312 to endorse the electronic 
check, the payee's workstation transnits the endorsed 
electronic check to the payee's bank for deposit using 
its electronic nail and transport API's 306. 

The payee's bank receives the endorsed electronic 
25 check via its electronic nail and transport API's 314 
according to a defined transport and deposit protocol 
316, The nodules applied by the payee's bank include an 
electronic-check translator 318, electronic check 
validation and application integration nodules 320. 
30 After interbank clearing, the electronic check with the 
payee bank's endorsenent is sent electronically to the 
payer's bank, which receives the processed electronic 
check through its electronic nail and transport API's 
322. The payer's bank also has nodules such as an 
35 electronic check translator 324, and electronic check 
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validation and application integration modules 326* The 
electronic check infrastructure is governed by a computer 
at the payer's bank or its agents which contains 
protocols 328 for the key server, public keys and the 
CRL. 

The electronic processing scheme may also be 
applied to "exceptional* cases, such as electronic checks 
returned due to insufficient funds in the payer's 
account. Since exceptions processing provides for 
dealing vith a problem in the normal flow of the 
electronic check through the system, the conventional 
paper checdc procedure may be necessary, although aspects 
of the electronic procedure may be used as support for 
more expedited exceptions processing. 

Solutions to the problem of potential fraudulent 
usage of electronic checks must be built into the system 
at each stage of the processing of an electronic che^ to 
ensure the integrity of the entire system. 

The security measures discussed above will 
eliminate most of the causes of losses due to bad checks, 
including forgery, alteration, duplication, and 
fraudulent depositing. Forgery is prevented by ensuring 
that digital signature keys are stored in secure hardware 
devices and through appropriate controls over the 
validity of electronic check certificates. Alteration is 
prevented by the application of digital signatures to the 
electronic check and through the use of the SHA function 
which creates a unique digest of the electronic document. 

Diqplication is a some^dmt more difficult problem 
to prevent, since by its very nature an all-electronic 
document can be easily reproduced. Although each of the 
payee, the payee's bank and the payor's bank verifies 
that there is no recent duplicate check, the problem of 
duplication is addressed in several additional ways. 
First, electronic checks must be dated and will expire 
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■ore rapidly than papar chacks. Saeoad, alactronio cheek 
camif ieates will also expire, preventing their use after 
a given t-ima period. This ensures that the accounts are 
periodically refreshed, and that the bank has an 
5 opportunity to ensure the integrity of the secure key 
storage device. Third, the issuer bank keeps an archive 
of electronic checks lAicsh have been presented 
previously, in addition, an "active" chec^k file will be 
used against which checks can be natched. This file need 
10 only store the checks for valid dates, as aentioned 
above, and the electronic check serial nuaber and hash 
inforaation to identify a duplicate. Also, the payer »ay 
send check details such as the check nunber, date, 
signature, payee and amount to the payer's bank at the 
15 same ti»e as the electronic check is sent so that the 
issuer's bank can aaintain a file of used electronic 
c^hecdcs. This file can be used to determine if a 
duplicate electronic check was issued and paid by the 
payer's bank. The ccunbination of these efforts should 
20 effectively minimize the risk of a duplicate electronic 
check successfully flowing through the payments system. 

Fraudulent depositing is another significant 
issue, since electronic checks irtiich are sent unencrypted 
could conceivably be deposited or "cashed" by someone 
25 other than the intended recipient. The electronic check 
provides for application of the intended recipient's 
cryptographic keys to minimise this problem. 

In the event that an electronic checkbook is 
compromised, e.g., lost, stolen, or repudiated by a 
10 customer, then the eertifioates for that electronic 
checkbook can be revoked. 

Ensuring the confidentiality of critical customer 
information is a priority for any network payments 
instrument. To this end, the electronic check need not 
5 contain existing checkiz^ account numbers «Aich could be 
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intercepted and then used to ccamit fraud by paper 
checlcB. Digital acccnmt nuabers »ay be linked with non- 
electronic account nimbers so that both types of 
transactions may take place with respect to the saaie 
5 accotint* Encryption of an electronic check is not 

required to prevent fraud due to the use of private key 
cryptographic signatures. However, electronic checks and 
other parameterized payment instruments may be encrypted, 
%Aiere possible, during transmission between parties to 

10 ensure confidentiality* 

Taxqper-resistance of the PCMCIA card is also 
needed to the extent necessary to make it economically 
unattractive for attackers to steal signature cards, 
extract the private key, and pass bad checks using the 

15 private signature key before the card is reported stolen 
and disabled. Any attempt to extract the private 
signatiire key should result in evident alteration of the 
card and should take at least a few days to succeed. 
However, an extremely high degree of tai«>er-proof ing is 

20 not necessary, since the card only contains private 
information for one or several accoimts (rather than 
system level secrets) and since the card holder has an 
incentive to report theft or tampering (rather than to 
extract a secret to use for fraud or counterfeiting) • 

25 Most importantly, the account and bank 

certificates can have expiration dates in order to limit 
the time dtnring which electronic checks can be written* 
An accotmt may be closed prior to the expiration of the 
account certificate for other security reasons, 

30 preventing verifiers from knowing that the signature on 
the electronic check is good until it clears. If the 
account is closed, its associated certificates are 
revoked. This is no different from the current situation 
in which someone continues to write checks using check 

35 blanks from a closed account. The rapid clearing of 



WOMOIMS 



PCT/US96/M771 



- 43 - 

eleetronio ohedca will deter tbis behavior, cuad banks can 
offer autonated check verification services ^ich verify 
signatures, account status and funds availability. 

OthMT eabodiments are vithin the scope of the 
5 following daias. 
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1* A coapu^er-based matbod conprislng 
creating an electronic Instnment for effecting a 
transfer of funds f ro« an ac«>unt of a payer in a funds- 
holding institution to a payee, the instrument including 
5 an electronic signattire of the payer, and 

appending, to the electronic instrxment, digital 
representations of a verifiable certificate by the 
institution of the authenticity of the account or the 
account holder. 

10 2. A computer-based method conprising 

effecting a transfer of funds from an account of a 
payer in a funds-holding institution to a payee in 
accordance vith instructions of the payer, by 

creating an electronic instrument which includes 
15 digital representations of (a) the instructions, (b) the 
identity of the payer, (c) the identity of the payee, and 
(d) the identity of the funds-holding institution, 

including with the electronic Instrument, digital 
representations of (a) a verifiable signature of the 
20 payer, and (b) a verifiable certificate of the 

authenticity of the payer and of a public signature 
verification key of the payer, 

electronically delivering the electronic 
instrument to the institution at least in part via a 
25 publicly accessible data communication medium, and 

at the institution, verifying the signatture of the 
payer and the certificate in connection with transmitting 
the funds to the payee. 

3. The method of claim 2 further comprising 
30 including an account number in the electronic 

instrument. 
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4. The aothcxl of clala 1 In ^ich tixm account 
comprises a deposit account in the institution. 

5. The Bethod of claim 1 in «teich the account 
comprises a credit account in the institution. 

5 6. The method of claim 1 in %Aich the electronic 

instrument comprises an electronic substitute for a 
check, 

7. The method of claim 1 in which the electronic 
instrument comprises an electronic stibstitute for a 

10 credit card transaction slip. 

8. The method of claim 1 in vhich the publicly 
accessible data communication medium is unsecured. 

9. mie method of cladLm 1 in vhich the institution 
comprises a baxdc. 

^5 10 • The method of claim I further comprising 

appending to the electronic instrument, digital 
representations of a verifiable signature of the payee. 

11. The method of claim 1 further comprising 
appending to the electronic instrument, digital 
20 representations of a verifiable certificate by an 
institution which holds an account of the payee. 

12* The method of claim 11 further comprising 
appending to the electronic instrument, digital 
representations of a verifiable certificate by a central 
25 banking authority with respect to the institution which 
holds the payee's account. 
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13* The me1:hod of olaiai 1 further coaprltting 
delivering lOie electronic instruaent in part via a 
private controlled secure communication medium. 

14. The method of claim 1 further comprising 

5 delivering the electronic instrument to the payee 

at least in part via a publicly accessible data 
communication medium. 

15. The method of claim 1 further cooqprising 
delivering the electronic instrument to an 

10 institution which holds an account of the payee at least 
in part via a publicly accessible data communication 
mediiui. 

16. The method of claim 1 further coaqprising 
delivering the electronic instrument from an 

15 institution which holds an account of the payee to the 
funds-holding institution via an electronic clearing 
house. 

17. The method of cladLm 1 further coi^rising 

at the payee, verifying the signature of the payer 
20 and the certificate of the institution. 

18. The method of claim l further comprising 

at an institution holding an account of the payee, 
verifying the signature of the payer and the certificate 
of the funds-holding institution. 

25 19. The method of claim 1 in which the signature 

is generated by public key cryptography. 

20. The method of claim 1 in which the appending 
step is done by a separate signature device from the 
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device which performs the creation of the electronic 
instrunent. 

21. The method of claim 1 in i^ich the electronic 
instrument comprises an electronic substitute for a 

5 traveler's check. 

22. The method of claim I in which the electronic 
instrument comprises an electronic substitute for a 
certified check. 

23. The method of claim 1 in which the electronic 
10 instrument comprises an electronic substitute for a 

cashier's check. 

24. The method of claim 1 further comprising 
delivering from the payee to the payer, at least 

in part via a publicly accessible communication medium, 
15 digital representations of (a) a proposed transaction, 
and (b) a verifiable signature of the payee. 

25. The method of claim 1 further comprising 
automatically transferring information from the 

electronic instrument to a computer-based accoimting 
20 system that tracks accounts receivable or processes 
orders. 

26. The method of claim 1 further coaprising 
maintaining a log of electronic instruments 

created. 

25 27. Apparattis coaiprising 

a token having a memory, a processor, and a port 
for communication with a coniputer, and in which 
the memory contains 
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a private encryption key associatcul with an 
account in a ftinds-holding institution and which ia 
usable to append a secure, verifiable signature to an 
electronic payment instrument drafted on the account. 

5 28. The apparatus of claim 27 in which the memory 

also contains certification information provided by the 
institution and which is usable to append secure, 
verifiable certificates to electronic payment instruments 
to certify a relationship between an owner of the 
10 signature and a public key of the owner. 

29. The apparatus of claim 27 further comprising 
means for assigning a unique identifier to each 

electronic payment instrument. 

30. The apparatus of claim 27 in which the 
15 portable token comprises a PCaCCIA compatible card. 

31. The apparatus of claim 27 in which the 
portable token comprises a smart card. 

32. The apparatus of claim 27 in which the token 
comprises an add-in computer board or a black box crypto- 

20 processor. 

33. The apparatus of claim 27 in which the 
certification information has a limited useful life. 

34. The apparatus of claim 27 in which the memory 
also contains certification information provided by a 

25 central banking authority and which is usable to append 
secure, verifiable certificates to electronic payment 
instruments to certify the authenticity of the funds- 
holding institution. 
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35. Thtt apparatus of claim 34 in vhioh the 
certification information provided by the central banking 
authority has a limited useful life. 

36. The apparatus of claim 34 in lAiich the 
5 central banking authority comprises a United States 

federal reserve bank* 

37. The apparatus of claim 27 in vhich the memory 
also contains a register of electronic payment 
instnments to vhich signatures have been appended* 

*0 38. The apparatus of claim 27 in which the 

appended signatiure comprises a signature of a payer irtio 
holds the account in the institution. 

39. The apparatus of claim 27 in vhich the 
appended signature comprises an endorsement signature of 

15 a payee. 

40. The apparatus of claim 27 in vhich the memory 
also contains a personal identification number for 
controlling access to the memory. 

41. A computer-based method of creating an 
20 electronic payment instrument comprising 

forming digital payment data vhich represents the 
identity of the payer, the identity of the payee, and the 
amount to be paid, 

in a secure hardvare token, appending a digital 
25 signature to the data. 

42. A computer-based method of endorsing a 
payment instrument comprising 
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encoring infona^ion Inoludod in t:he payMn^ 
instruMxit in digital form Into a secure hardware token, 
and 

in the token, appending a digital signature to the 
5 digital information. 

43. A computer-based method for regulating use of 
account numbers with respect to accounts in a funds** 
holding institution, cmprislng 

assigning digital account numbers for use by 
10 account holders in creating electronic instruments, the 
digital account nimbers being distinct from non- 
electronic account numbers used by account holders with 
respect to non*electronic instruments, 

at the fund-holding institution, accepting 
15 electronic instrtiments from account holders only if the 
electronic instruments include one of the digital account 
numbers. 



44. The method of claim 43 in which each digital 
accoimt number is linked with a non-electronic account 

20 number, and the two numbers are linked with a common 
account in the institution, so that electronic 
instruments and non-electronic instraments may be dra%m 
against the same account. 

45. A computer-based method of attaching a 
25 document to a related electronic payment instrument 

cosqprising, 

forming a cryptographic hash of the document, and 
appending the hash to the electronic payment 
instrument. 
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46. A coiBpu^«r*-baftMi aattiod for reducing fraud 
vlth respect to deposit of an electronic instrument with 
a funds-holding institution, conprising 

including vith the electronic instruaient a key-* 
5 encrypted signature of the payee and a public key of the 
payee, and 

at the institution, automatically checking the. 
routing code and the account number before accepting the 
electronic instrument. 

10 47. A coaputer-*based method for reducing fraud 

associated vith an electronic payment instrument 
comprising 

appending to the electronic payment instrument a 
cryptographic signature associated with a party to the 
15 instrument, and 

upon receipt of the electronic payment instnuaent, 
automatically checking the cryptographic signature 
against cryptographic signature information of other 
electronic payment instruments previously received. 

20 48 « A computer-based method for use vith an 

electronic payment instzrument coaprising 

including in the electronic payment instrument, a 
serial number, a payment amount, a payer, a payee, and a 
date, 

25 transmitting the electronic payment instrument via 

a communication netvork from an inquiring party to a 
funds-holding institution having an account eussociated 
vith the payer, 

at the funds-holding institution determining 

30 %rtiether another electronic payment instrument having the 
same payer and the same serial number had previously been 
issued. 
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electronically advising the inquiring party based 
on the determination • 



49. A coB^uter-based method for use with an 
electronic payment instrument comprising 
5 printing a paper version of the electronic payment 

instrument with digital signatures and digital 
certificates, 

passing the paper version through the chedc 
clearing system to an issuing bank, 
10 at the issuing bank, scanning the paper version to 

derive a digital version, and 

at the issuing bank electronically verifying the 
electronic version based on the signatures and the 
cert i f icates . 

15 50. Apparatus for maintaining bank account 

information electronically comprising 

a portable token holding information for eneO^ling 

a user to add signatures and certifications to an 

electronic banking instrument drawn on the account, and 
20 a separate portable token holding a register of 

transactions associated with the accoimt. 

51. The apparatus of claim 50 in which the 
separate poirtable token comprises a PCMCIA card or a 
smart disk. 



25 52* A method for regulating the use of an 

electronic financial dociment comprising 

including with the document an electronic 
signature and an electronic certification of the 
validity of an account to which the document relates. 
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accepting the electronic financial document as 
valid only if the signature and certification are 
electronically determined to be valid* 
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